git: 9b6284bda25a - stable/14 - MAC/do: find_rules(): Clarify the contract
Date: Thu, 03 Apr 2025 19:31:58 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=9b6284bda25ad0921ad2c0a72f759e542831f251
commit 9b6284bda25ad0921ad2c0a72f759e542831f251
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 13:11:12 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:57 +0000
MAC/do: find_rules(): Clarify the contract
While here, rename an internal variable.
Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47596
(cherry picked from commit b2c661fe7e0b0dff859767a6a8714198b38dc235)
---
sys/security/mac_do/mac_do.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index ce4ab7fa9e3a..dca5a1809966 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -153,24 +153,32 @@ out:
return (error);
}
+/*
+ * Find rules applicable to the passed prison.
+ *
+ * Returns the applicable rules (and never NULL). 'pr' must be unlocked.
+ * 'aprp' is set to the (ancestor) prison holding these, and it must be unlocked
+ * once the caller is done accessing the rules. '*aprp' is equal to 'pr' if and
+ * only if the current jail has its own set of rules.
+ */
static struct rules *
-find_rules(struct prison *spr, struct prison **prp)
+find_rules(struct prison *const pr, struct prison **const aprp)
{
- struct prison *pr;
+ struct prison *cpr;
struct rules *rules;
- for (pr = spr;; pr = pr->pr_parent) {
- prison_lock(pr);
- if (pr == &prison0) {
+ for (cpr = pr;; cpr = cpr->pr_parent) {
+ prison_lock(cpr);
+ if (cpr == &prison0) {
rules = &rules0;
break;
}
- rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+ rules = osd_jail_get(cpr, mac_do_osd_jail_slot);
if (rules != NULL)
break;
- prison_unlock(pr);
+ prison_unlock(cpr);
}
- *prp = pr;
+ *aprp = cpr;
return (rules);
}
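Review bot: The new contract comment above find_rules() never states outright that the prison stored in `*aprp` is returned locked; a reader has to infer it from "it must be unlocked", while the loop shows every visited prison being unlocked except the one it breaks on. Because the returned `struct rules *` is obtained from that prison while its lock is held, I would spell out the lifetime rule, e.g. `On return, '*aprp' is locked; the returned rules must not be accessed after it is unlocked.` The comment also says "'aprp' is set" where the code writes `*aprp`, and "the current jail" in the last sentence presumably means 'pr' rather than the calling thread's jail, so `if and only if 'pr' has its own set of rules` would be less ambiguous. Whether the rules can actually be replaced or freed once the lock is dropped is not visible in this hunk and should be confirmed against the code that sets the OSD slot.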